Pentest Tools

envizon – the network visualization tool

This topic contains 0 replies, has 1 voice, and was last updated by  Christoph Peil 2 months ago.

  • Author
    Posts
  • #22237

    Christoph Peil
    Participant

    envizon – the network visualization tool

    This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and organization tool, ‘envizon’. We hope your feedback will help to improve and hone it even further.

    Usecase

    We use envizon for our pentests in order to get an overview of a network and quickly identify the most promising targets.

    Core Features:

    • Scan networks with predefined or custom nmap queries
    • Order clients with preconfigured or custom groups
    • Search through all attributes of clients and create complex linked queries
    • Get an overview of your targets during pentests with predefined security labels
    • Save and reuse your most used nmap scans
    • Collaborate with your team on the project in realtime
    • Export selected clients in a text file to connect other tools fast

    How to start:

    To avoid compatibility and dependency issues, and to make it easy to set up, we use Docker. You can build your own images or use prebuilt ones from Docker Hub.

    With Docker

    Docker and Docker Compose are required.

    git clone https://github.com/evait-security/envizon
    cd envizon
    # Create self-signed certificates:
    mkdir .ssl
    openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 -keyout .ssl/localhost.key -out .ssl/localhost.crt
    # If you want to use certificates located elsewhere, provide their pathes with SSL_CERT_PATH and SSL_KEY_PATH
    # Create a secret, if you have rails installed locally you can just use:
    rails secret
    # otherwise, use openssl:
    openssl rand -hex 64
    # this needs to be provided either as an environment variable (SECRET_KEY_BASE), or added in the docker-compose.yml
    sudo docker-compose up

    Set a password

    After starting the docker images go to: https://localhost:3000/ (or http://localhost:3000 if not using SSL)

    You have to specify a password for your envizon instance. You can change it in the settings interface after logging in.

    Scan Interface

    The scan interface is divided in two sections. On the left side you can run a new scan with preconfigured parameters or your own nmap fu. You also have the possibility to upload previously created nmap scans (with the -oX parameter).

    On the right side you will see your running and finished scans.

    Groups

    The group interface is the heart of envizon. You can select, group, order, quick search, global search, move, copy, delete and view your clients. The left side represents the group list. If you click on a group you will get a detailed view in the center of the page with the group content. Each client in a group has a link. By clicking on the IP address you will get a more detailed view on the right side with all attributes, labels, ports and nmap output.

    Most of the buttons and links have tooltips.

    Global Search

    In this section you can search for nearly anything in the database and combine each search parameter with ‘AND’, ‘OR’ & ‘NOT’.

    Perform simple queries for hostname, IP, open ports, etc. or create combined queries like: hostname contains ‘win’ AND mac address starts with ‘0E:5C’ OR has port 21 and 22 open.

    Help and Download:

    You can get some information about the structure and usage on the official wiki.
    https://github.com/evait-security/envizon/wiki

    • This topic was modified 2 months ago by  Christoph Peil. Reason: better formatting
    • This topic was modified 2 months ago by  Christoph Peil. Reason: additional group picture

You must be logged in to reply to this topic.


Back to Top ↑